I got an NDR for an email message that I didn't send!
Posted by , Last modified by Jennifer Millan on 05 December 2013 03:14 PM

When sending spam, spammers often will "spoof" the From address and return path so that the email appears to be legitimate.  When finding addresses to send to, they will use large databases of email addresses that were likely harvested from multiple sources.  These same databases can be used to choose and randomize the From address from, so if you are receiving any spam at all, there is a good chance that your address may be spoofed at some point.  

Most email systems are designed to filter messages by multiple means, including using SPF DNS records which are used to verify the sources IP address of the sending mail server against the domain. We've included this SPF record in your external domain records so this type of filtering can take place, but not all mail servers perform this level of filtering so some messages may get through to some servers, which is why you may get these types of NDRs, called backscatter.

Beyond correctly configuring the external zone DNS records for your domain, not much else can be done for this issue.  Typically, spammers will use a From address only for a short time for these purposes before moving on to another one as to avoid detection.

If you notice that these messages are being sent to individuals in your contacts list, that may be another issue and you should contact the Service Desk right away to verify that your machine is not infected.  If these NDRs reflect individuals not known to you, it is likely caused by the issue described above.

(0 vote(s))
Helpful
Not helpful

Comments (0)